Tag: cookies in perl

Perl CGI – Session and Cookie howto

Perl CGI – Session and Cookie howto

Introduction –

Almost  2 year back (today also!)  I struggled a lot for implementing session and cookie in Perl CGI application.  So thought to share my work with you all. I wanted to do it in my way…

Assumption, your web server ie Apache is enabled to run CGI scripts

CGI directory location – /var/application/www/cgi-bin/
Htdocs location – /var/application/www/
Perl Module direcotry – /var/application/module/

Step 1] Write Auth.pm Perl module –

Please simply copy following Auth.pm perl module for authentication using Session and Cookies…

[root@arun ~]# cat /var/application/module/Auth.pm

package Auth;

### Subroutine to authenticate user
sub  User
{
my ($ref_page) = (@_);
### Session information
my $sid = $ref_page->cookie("APP_SID") || undef;
my $session = CGI::Session->load(undef,$sid);
if ( $session->is_expired ) { print $ref_page->redirect(-location => '../arun.html');}
elsif ( $session->is_empty) { print $ref_page->redirect(-location => '../arun.html');}
else { print $ref_page->header();}
# don't forget to create dir '/var/tmp'
# with proper ownership/permission
#$session = new CGI::Session(undef, $sid, {Directory=>'/var/tmp'});
#################################################
return($session->param('login_user'));
}

1;
[root@arun ~]#

Step 2] authe_me.pl –

authe_me.pl file is used to set cookies and verify username/password. You may use MySQL DB to store username and password.  In this case you have to this file…

[root@arun ~]# cat /var/application/www/cgi-bin/auth_me.pl
#!/usr/bin/perl

sub BEGIN
{
unshift (@INC, '/var/application/module/');
}

use strict;
use warnings;
use CGI qw(:standard);
use CGI::Session;
use Auth; ## our module

### Header
########################
my $page = CGI->new();
##print $page->header();

##########
if ( $ENV{REQUEST_METHOD} eq "POST" )
{
my %form;
my $session_dir="/var/tmp";
 my ($admin_user,$admin_password) = ("admin","arun123");

foreach my $key (param()) { $form{$key} = param($key);}
##
if (($form{username}) && ($form{password}))
{

### Session Details ###
CGI::Session->name("APP_SID");
## Create new session
my $session = new CGI::Session(undef, undef, {Directory=>$session_dir});
 ## Set cookies
my $cookie = $page->cookie(-name=>$session->name(),-value=>$session->id(),-expires=>'+2h',-path=>'/');
## Store data in session variable and save it
$session->param('login_user',$form{username}); # OR
##$session->param(-name=>'login_user',-value=>$form{username});
$session->save_param($page, ["login_user"]);

## Session and Cookie expiration time is SAME.
$session->expire("+2h");
#### Session Details end ####

## if login successful redirect to main.pl else login page
if (($form{username} eq $admin_user) and ($form{password} eq $admin_password))
{ print $page->redirect(-location => 'main.pl',-cookie=>$cookie);}
else { print $page->redirect(-location => '../arun.html'); }
############################
} else { print $page->redirect(-location => '../arun.html'); }
}

[root@arun ~]#

Step 3] Create Login Page –

[root@arun ~]# cat /var/application/www/arun.html
<html>
<title>Arun Login Page</title>

<!-- Form start -->
<table align='center' border='1'>
<form method="POST" action="cgi-bin/auth_me.pl">
<tr>
<td><label>Login</label></td>
<td><input name="username" type="text"></td>
</tr>
<tr>
<td><label>Password</label></td>
<td><input name="password" type="password"><br/></td>
</tr>
<tr>
<td><input value="Submit" type="submit"></td>
</tr>

</form>
</table>

</html>

[root@arun ~]#

Step 4] Create main page where Session and Cookie authentication verified – main.pl

[root@arun ~]# cat /var/application/www/cgi-bin/main.pl
#!/usr/bin/perl

sub BEGIN
{
unshift (@INC, '/var/application/module/');
}

use strict;
use warnings;
use CGI qw(:standard);
use CGI::Session;
use Auth;

### Header
my $page = CGI->new();
## check authentication
my $login_name=Auth::User($page);
###
print $page->start_html( -title=>'Arun Main Page');

print "<h3>This is Main Page</h3></br>";
print "<br>Login Name - $login_name";

#end
[root@arun ~]#

Step 5] Please access login page and try http://your_ipaddr/arun.html

Thank you,
Arun